China Hack Report: Daily US Tech Defense
Ooh, Juicy! China Hacks US Treasury, Spies on Millions via Telcos - Patch Now or Else!
30 Jan 2025
This is your China Hack Report: Daily US Tech Defense podcast.

Hey there, I'm Ting, and I'm here to give you the lowdown on the latest China-linked cyber activities affecting US interests. Let's dive right in!

Over the past 24 hours, we've seen a flurry of activity from Chinese state-sponsored hackers. The big news is the recent hack of the US Treasury Department, courtesy of a vulnerability in BeyondTrust. The primary target was the Office of Foreign Assets Control (OFAC), which administers economic sanctions against countries and individuals. It's no surprise that Beijing would be interested in getting their hands on this intel, especially given the recent sanctions against Chinese companies involved in supplying weapons to Russia for its war in Ukraine[1][2].

But that's not all - we've also seen reports of Chinese APT Salt Typhoon compromising multiple US telco providers, giving them the ability to geolocate millions of devices and record communications. The actual extent of the intrusion is reportedly limited, but the access was there, and that's what matters. AT&T and Verizon have since purged the intrusion from their networks and notified affected individuals, but it's a stark reminder of the risks we face[2].

In response to these attacks, CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities (KEV) list, including the critical command injection vulnerability CVE-2024-12356 and the medium-severity vulnerability CVE-2024-12686. If you haven't already, it's time to patch those vulnerabilities ASAP[2].

National Cyber Director Harry Coker Jr. has called for the US to do more to deter China as a cybersecurity threat, but it's clear that we need a new approach. The current methods just aren't cutting it. Meanwhile, the Treasury breach has also targeted the Committee on Foreign Investment in the US (CFIUS), which oversees foreign investment in the US - another key area of interest for Beijing[2].

In other news, watchTowr Labs has uncovered a fascinating tale of digital urbex, where they've taken over abandoned web shell backdoors by registering expired domain names. It's a clever move, and they've uncovered over 4,000 unique and live backdoors in the process. The Shadowserver Foundation has since taken ownership of the domains to prevent their use by malicious actors[2].

So, what can you do to protect yourself? First and foremost, stay on top of those patches and keep your systems up to date. CISA recommends immediate action to address these vulnerabilities, and it's not just about the tech - it's about the people and processes behind it. Stay vigilant, and let's keep our defenses strong.

That's all for now. Stay safe out there, and I'll catch you on the flip side.

For more: http://www.quietplease.ai

This content was created in partnership and with the help of Artificial Intelligence (AI).